The TonForce team has completed an internal technical review of the v4 smart contract. In this article, we share the results and what they mean for participants.

What was checked

The review covered 9 key areas of smart contract security on the TON network:

  • Reentrancy attack — TON uses async messages, classic reentrancy is impossible
  • Integer overflow / underflow — all numbers in safe types (uint32, uint64, coins)
  • Unauthorized withdrawal — Withdraw protected by require(sender() == owner)
  • Denial of Service — recursion limit of 5 levels, SendIgnoreErrors on payouts
  • Input validation — all handlers validate parameters, refund on error
  • Duplicate registration protection — contract refunds without re-execution
  • Time manipulation — now() in TON is provided by validators, manipulation is impossible
  • Rug pull (custodial) — contract holds no user funds, all payouts are instant
  • Owner manipulation — prices, tree and subscriptions cannot be changed after deployment

Contract address

The contract is deployed on TON Mainnet at:

EQD9w0u-1pXUF3YWHA8b5YRG_CdDhjlyZAJ37uoT1YvljZLb

You can verify it in any blockchain explorer:

Important notice

This is an internal technical review performed by the project team. It is not a third-party audit from an independent firm (CertiK, Hacken, OtterSec). Before using the platform, we recommend analyzing the code published on GitHub yourself.

Participation in a matrix MLM program involves economic risk. Only invest funds whose loss won't affect your financial well-being.

Full report

The full PDF report of the technical review is available at this link.